When a virtual machine is created, a number of files are created along with it. The most important of them is the .vmx file, which is the configuration file of the VM. Whatever settings we choose during deployment of the virtual machine are written to this file, along with many other configuration settings.
Although most virtual machine settings can be edited via the Web Client, we can also modify the .vmx file directly (not recommended, though) to change configuration settings or to add extra configuration items.
When we edit the virtual machine settings from the Web Client, those settings are written to the .vmx file of the VM. To do so, the VM needs to be in a powered-off state.
To modify the settings of a virtual machine, log in to the Web Client, select the VM from the inventory, navigate to Manage > Settings > VM Options > Advanced settings, and click the Edit button to make changes to the current configuration.
Selecting Configuration parameters and clicking on Edit configuration opens a new window where you can modify existing settings or can add new settings by clicking on Add Row button.
Following are some of the settings which we can modify/add for the virtual machine:
Disk shrinking feature
Shrinking a virtual disk reclaims unused disk space. If there is empty space in the disk, this process reduces the amount of space the virtual disk occupies on the host drive.
isolation.tools.diskWiper.disable = "TRUE"
isolation.tools.diskShrink.disable = "TRUE"
Copy and paste feature:
By default, copy and paste operations between the virtual machine's operating system and the computer where the vSphere Client is running are allowed, courtesy of VMware Tools. The following settings prevent sensitive data from being accidentally left in the clipboard and a non-privileged user from being able to paste this information from another vc session.
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
Connecting and modifying devices
By default, the ability to connect and disconnect devices is disabled. When this feature is enabled, users and processes without root or administrator privileges can connect devices such as network adapters and CD-ROM drives, and they can modify device settings. To avoid risks associated with this feature, retain the following .vmx settings, which disable the ability to connect and disconnect devices or to modify device settings:
isolation.device.connectable.disable = "TRUE"
isolation.device.edit.disable = "TRUE"
Configuring virtual machine log number
We all know the importance of log rotation and the problems that can occur in an environment where it is not configured. The same holds true for virtual machines. By default, a new log file is created for a virtual machine when the size reaches 100 KB. Uncontrolled growth of virtual machine log files can make the VM inaccessible when the underlying datastore runs out of space.
The setting below can be used to limit the number of log files kept for a VM:
vmx.log.keepOld = "10"
Note: If you have hundreds of VMs running on a given ESXi host and you want to limit the log file settings, you can edit the /etc/vmware/config file of the ESXi host and add the entry vmx.log.keepOld = "10" (if it is not there or the value is not defined).
If you want to completely disable logging for a VM, you can add the parameter below to the .vmx file, but it is going to make your life very difficult, as you will not have any logs when it comes to troubleshooting VM-related issues.
logging = "FALSE"
VMX file size
By default, the configuration file is limited to a size of 1 MB. You can increase the size of the file, if large amounts of custom information must be stored in it, by defining the property below (value in kilobytes):
tools.setInfo.sizeLimit = "1048576"
You can even disable the above entirely by setting the property below:
isolation.tools.setInfo.disable = "true"
But this stops the vSphere Client from displaying any information about the virtual machine, e.g. IP address and DNS information (not a good idea in a production environment).
Features not exposed in vSphere that could cause vulnerabilities:
isolation.tools.unity.push.update.disable = "TRUE"
isolation.tools.ghi.launchmenu.change = "TRUE"
isolation.tools.ghi.autologon.disable = "TRUE"
isolation.tools.hgfsServerSet.disable = "TRUE"
isolation.tools.memSchedFakeSampleStats.disable = "TRUE"
isolation.tools.getCreds.disable = "TRUE"
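To check an existing .vmx file against the settings above, the following added example (not code from this article or from VMware) parses the file text and reports keys that are missing, set differently, or unparseable, such as a line pasted with typographic quotes. The function names, the subset of keys used as the baseline, and the case-insensitive comparison of keys and values are assumptions of this example.

```python
import re

# Baseline: a subset of the keys and values listed in this article.
BASELINE = {
    "isolation.tools.diskWiper.disable": "TRUE",
    "isolation.tools.diskShrink.disable": "TRUE",
    "isolation.tools.copy.disable": "TRUE",
    "isolation.tools.paste.disable": "TRUE",
    "isolation.device.connectable.disable": "TRUE",
    "isolation.device.edit.disable": "TRUE",
    "vmx.log.keepOld": "10",
}
ENTRY = re.compile(r'^([A-Za-z0-9_.:\-]+)\s*=\s*"([^"]*)"$')

def parse_vmx(text):
    """Split .vmx text into ({lower-cased key: value}, [unparseable lines])."""
    settings, rejected = {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
        elif not line.startswith("#"):
            rejected.append(line)  # e.g. curly quotes copied from a web page
    return settings, rejected

def audit(text):
    """Return sorted (key, status) findings; an empty list means compliant."""
    settings, rejected = parse_vmx(text)
    findings = [(line, "unparseable") for line in rejected]
    for key, want in BASELINE.items():
        have = settings.get(key.lower())
        if have is None:
            findings.append((key, "missing"))
        elif have.lower() != want.lower():  # assumption: values compare case-insensitively
            findings.append((key, "is %r, expected %r" % (have, want)))
    if settings.get("logging", "").lower() == "false":
        findings.append(("logging", "disabled, no logs for troubleshooting"))
    return sorted(findings)

# Constructed sample, not taken from a real VM; \u201c and \u201d are curly quotes.
SAMPLE = '''.encoding = "UTF-8"
isolation.tools.diskWiper.disable = "TRUE"
isolation.tools.diskShrink.disable = "true"
isolation.tools.copy.disable = "FALSE"
isolation.tools.paste.disable = \u201cTRUE\u201d
isolation.device.connectable.disable = "TRUE"
logging = "FALSE"
'''
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run it against a copy of the .vmx file rather than the live file on the datastore.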
For more information about virtual machine advanced configuration settings, please check out this article:
Security Considerations for Configuring VMware Tools